Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Ransomware Group Claims Theft of Personal, Financial Data From Krispy Kreme

The Play ransomware group claims to have stolen sensitive data from donut and coffee retail chain Krispy Kreme.

The Play ransomware group has claimed responsibility for the cyberattack that disrupted operations at donut and coffee retail chain Krispy Kreme last week.

The incident occurred on November 29, the North Carolina company said in a regulatory filing with the Securities and Exchange Commission (SEC) last week.

“Krispy Kreme shops globally are open, and consumers are able to place orders in person, but the company is experiencing certain operational disruptions, including with online ordering in parts of the United States,” the company said.

While the retail chain did not say if file-encrypting ransomware had been used in the attack, the operational disruptions it mentioned in an incident notice posted on its website and in the SEC filing suggested that ransomware might have been used.

The suspicion was confirmed this week, when the Play ransomware group added Krispy Kreme to its Tor-based leak site, claiming the theft of a trove of data, including IDs, business documents, personal information, and payroll, financial, and accounting information.

The threat actor is threatening to make the allegedly stolen data publicly available unless a ransom is paid by December 21.

Advertisement. Scroll to continue reading.

Krispy Kreme has not provided public confirmation on the threat actor’s data exfiltration claims. SecurityWeek has emailed the company for clarification and will update this article as soon as a reply arrives.

Active since at least June 2022 and also known as Playcrypt, the Play ransomware has made hundreds of victims in the Americas and Europe. By December 2023, the group had claimed responsibility for roughly 400 intrusions.

Related: SRP Federal Credit Union Ransomware Attack Impacts 240,000

Related: Hacker Conversations: Dan McInerney and Puzzle-Driven Hacking

Related: Cyberinsurance Premiums are Going Down: Here’s Why and What to Expect

Related: Medical Device Maker Artivion Scrambling to Restore Systems After Ransomware Attack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.